Hi,

Thanks for the reply David sir.

My rSyslog server is running ....

I am attaching your said configurations

rSyslog client: http://fpaste.org/45036/
rSyslog server: http://fpaste.org/45039/

Seeking for guidance,

Thank you !

--
Cheers,
Mayur

On Tue, Oct 8, 2013 at 3:33 PM, David Lang <[email protected]> wrote:

> what is your rsyslog configuration? there are lots of ways that the
> messages could be getting into rsyslog, but not written out anywhere. you
> have to have configurations saying to output the logs.
>
> your netstat shows that something is listening on 514 tcp and udp, it's a
> reasonable assumption that this is rsyslog. If you can establish a tcp
> connection, that shows that routing and firewalling allow tcp.
>
> but without seeing your config, we can't say what's wrong.
>
> David Lang
>
> On Tue, 8 Oct 2013, Mayur Patil wrote:
>
>> Date: Tue, 8 Oct 2013 14:57:05 +0530
>> From: Mayur Patil <[email protected]>
>> To: rsyslog-users <[email protected]>, David Lang <[email protected]>
>> Subject: [rsyslog-users] Wireshark is capturing but rSyslog not logging
>>
>> Hi,
>>
>> I am in a strange problem.
>>
>> I am able to send an application name *"snort"* logs to rSyslog server.
>>
>> In this case, I am getting error that
>>
>> *wireshark is perfectly catching the logs of snort but rSyslog is not
>> logging the same.*
>>
>> Here is output of my commands please have a look
>>
>> I am using *CentOS for snort machine* and *Ubuntu for rsyslog server.*
>>
>> [1] For nc and telnet,
>>
>> This is the successful output of telnet and nc http://fpaste.org/45010/
>> the resulting messages are appearing in syslog of log server.
>>
>> [2] For netstat command,
>>
>> These are the results of netstat particularly on 514 port
>> http://fpaste.org/45016/
>>
>> where *[root@clc]* is *snort machine* and *[root@logserver]* is the *log
>> server machine*.
>>
>> I have also disabled firewalls on both machines; so *port blocking* is
>> also not possible.
>>
>> Where is actual problem I am unable to get?
>>
>> Seeking for guidance,
>>
>> Thanks !

